Wednesday, July 30, 2014

Resume

Just posting my resume. No reason. Have a look. Critique.

Resume

Monday, July 21, 2014

First assessment of Syracuse University's Veterans Technology Program







Yesterday I began the enrollment process for the Veterans Career Transition Program hosted by Syracuse University. The following are some noteworthy observations about the registration/pre-launch process.

June 17
Received acceptance email for the July 2014 Cohort!

June 25
Received "next steps" inviting me to view the VCTP admissions overview video.

July 1
The first email I received had an attached standard course registration form. Nothing really to note here except that the form was partially completed by a staff member (convenient) and the Social Security Number block was labeled "Optional." This is a good thing since it lets students know that you do not have to provide it. I do question why the option to give my SSN is even there. I'm sure it eases the burden on staff processing but the h4x0r in me shivers a little.

The second email I received was an official welcome letter from the Director of the Distance Education Programs. I liked the letter because it highlighted key information about the program and my cohort. It also clearly stated who I could call if I have any questions. Hazel, you will not get a call from me yet.

July 10th
Received email notification today that my registration form has been processed.

July 16th
Received an email today that was conveniently broken up into 5 easily digestible parts
1. Advisor: I was assigned an adviser and given her contact details. Ashley F. I am glad to make your acquaintance. Looking forward to our new working relationship!
2. Java Update: This section advised me of a new Java update. This is the second item so far that makes the h4x0r in me shiver. Unlike the SSN issue above, there is no workaround. Looks like I am stuck with using Java (and opening my computer to a whole host of vulnerabilities).
3. Social media: There are 2 social media platforms that the program uses to reach veterans. You can follow them on Twitter @SUgetvet and on Facebook http://www.facebook.com/SUgetvet. They made it clear that this is not required for the course but recommended it for keeping informed of various veterans benefits.
4. Orientation: I have online orientation on Monday, July 21st at 12:00 PM. This will show me how to access the course work.
5. What's Next: Letting  me know what to look for in the future.

July 16th
Received the Veterans Career Transition Program Advising Guidelines which outlines the requirements and reminds the student to use the adviser.

July 21st
Received my log in creds for the coursework in Skillport. (via email) Doh! Logged in and changed my password. Standard for a university.

Class begins...

I get the feeling that SU has its act together with regards to this program. The process seems to be well documented and followed. Each email references the prior email and refers to a followup email. This acts as a chain that is easy to follow. I hope the course material is just as well done. More to come.

Monday, July 14, 2014

InfoSec Triple Crown 2014: It is Official

It appears that the InfoSec Triple Crown is on for another year.

Con Location Dates* Website Twitter
DerbyCon Louisville, KY 26-28 September https://www.derbycon.com @DerbyCon
SkyDogCon Nashville, TN 24-26 October http://www.skydogcon.com @SkyDogCon
Hack3rCon Charleston, WV 14-16 November http://hack3rcon.org @hack3rcon

*Dates do not include any training that may be offered. Check websites periodically for this information.

See you there!

Wednesday, July 9, 2014

August: The Month of the Geek!

I am officially declaring the month of August as "The Month of the Geek!" Why? What other month has a series of conferences the likes of Black Hat, BSides Las Vegas, PasswordCon, and DEFCON within the first two weeks? Not only that, they are all co-located within 3 miles of each other! What?!?!

Here is a list of recommendations leading up to, during, and after this whirlwind of learning, hacking, and frivolity.

1. Read blogs/sites about the cons so you can get perspective. I recommend these blogs:

Take what these site tell you as a grain of salt. Remember that YOUR con experience is set by YOU.


2. Follow @HackBus on Twitter. HackBus is an event in itself. Watch as a band of merry men, and women, journey from the Bay area through California and on to greatness!

3. Follow @defconparties on Twitter. You going to Vegas on a budget? @defconparties can get you free food, drinks, and entertainment!

4. Go with a purpose and a plan. Try to stick to it. If you suffer from "shiny object syndrome" this week can be exhausting. Even if your plan sucks, it is easier to deviate from a plan than it is to make one up on the fly.

5. Attend the DEFCON Toxic BBQ. During my first DEFCON (17), I met and spoke with Cap'n Crunch. Are you kidding me? Just make sure you bring some meat, sides, drinks, or volunteer to cook.

6. Attend the DEFCON Shoot hosted by @deviantollam. This is a chance to throw some lead down range with like minded individuals. Full auto guns usually make an appearance and there could even be a cannon.

7. Meet and greet. This one was a hard one for me at first but it can be a game changer. DEFCON even has a badge contest that requires human contact. Some of the greatest minds in the world attend. Collaborate!

8. Make sure you attend BSides Las Vegas. What you will find is the same level of talks as Black Hat (better in my opinion) and DEFCON. You can hear talks from the newest vulns discovered to how to properly make an Old Fashioned. No prior signup needed this year. You get your badges at the door.

9. Sign up as a volunteer at one of the conferences. You give back to the community and feel great about yourself. Some of these cons even feed you. (Remember #3 and the budget thing?)

10. Hang out at the Lock Pick Village/ Wireless Village. Heck, a couple of years ago I was hanging out at the Wireless Village when they started a training session for the Technician Class Ham license. I listened to what they had to say, took the test the next day, and got certified. Last year I studied a little, asked some of the Elmers some questions, and passed the General Class test.

11. Stop by and say hello to the staff of Hackers for Charity. They will blow you mind. You will walk away knowing that hackers do great things in the world.

Good luck to all! I hope to see you there! I am easy to spot. I will be the short, overweight guy, with stubble and wearing a tee shirt.

Monday, June 30, 2014

Syracuse University supports Military with "retraining" efforts

     I have just been accepted to a training program paid for by JP Morgan Chase and hosted by Syracuse University. The program is called the Veterans Career Transition Program or VCTP. The purpose of the program is to help military Veterans and their spouses codify their experience with an industry certification or train them for transition into the civilian workforce.
     Rather than restate what is on their website, I will simply post the link to their program "one pager." As I go through the program, I will blog about my experience. Please pass this along to anyone you know who is a Veteran or the spouse of a Veteran..
   
     P.S. I have decided to pursue my PMP certification since I have performed that role for years but never too that leap to certification.

Sunday, June 15, 2014

CircleCityCon: A great new con with a big future

   
For those who have read my blog before, you know I have a passion for "local" cons. BSides Nashville, AIDE, Hack3rCon, SkyDogCon, DerbyCon...I like them all. Now there is one more to add to the list. The inaugural CircleCityCon was held this weekend in Indianapolis, IN. I feel honored that they allowed me to volunteer as an IronGeek video jockey and selected my daughter as a speaker. The organizers are familiar faces who I have seen at many other regional cons.
     The format of the con is the familiar setup of speaker halls (2x), high quality training (free), a CTF, lock pick village, and something new to me, a book exchange. The lineup of speakers was top notch and the training, I was told, was professional.
     Of special note was the feel of the con. It reminded me of DerbyCon. I did not witness any drunken stupidity or general d-baggery. I look forward to seeing everyone again next year.

Now...how do I get to GrrCon?

Here is the link to our presentation. (Thanks as usual Adrian!)

Wednesday, May 21, 2014

BSides Nashville: The wrap-up

Elvis is in the building!
     Yep, that happened. Not only did BSides Nashville have world class speakers, free ribs for lunch, and a healthy turnout of first time con-goers (round 70% said it was their first con), they had this guy! The only negative comment I have about the whole thing is that my work laptop - with my presentation - crashed. This didn't affect me too much since I had my presentation saved in multiple places and only had to recreate about an hour worth of work.

     If you want to watch my presentation, click here. As always, thanks to Adrian for donating his time and energy to recording the talks. Also, thanks to the organizers for allowing me to help Adrian. You should all volunteer at least once at a con. There is no easier way, to give back to the community.
 
Here are the things I messed up in my presentation that I want to call out:  
1. Totally butchered the meaning of Confidentiality. I got caught up in the moment.
2. I didn't come up with the tag line on the sticker.
3. The "small cons that don't mean anything" line was the result of my sending a CFP to a large, well known conference. They responded by my query by saying that line.
4. The $80 I spent for the RachelPi was raised by Emily.
5. Not EVERY presentation in the military has a Sun Tzu quote. Just the ones given by the rear echelon people.
6. I do know what a "belt and suspenders" DMZ is, I just haven't seen one in a while.
7. My buddy that calls people "business units" is from Spain so he doesn't have a mastery of English.

Thanks for your time and I hope to see you at Circle City Con in Indianapolis.

Saturday, May 10, 2014

ISSA Kentuckiana NMAP Workshop


What do you get when you combine hacking with charity? Hackers for Charity of course. On May 10th, the Kentuckiana Chapter of ISSA once again showed their heart when they offered an NMAP class for all levels of hackers. The price of this well done class was a paltry $40 donation to "The Long Journey to Africa" of Hackers for Charity.

The instructors were well known and well respected industry experts Jeremy Druin (@webpwnized)Adrian Crenshaw (@irongeek_adc), and Martin Bos (@purehate_).  

I would like to also thank Sullivan College of Technology and Design for allowing the use of their facilities.

If you are interested in watching the presentation, Adrian will post it on his training and education server at irongeek.com.


Tuesday, May 6, 2014

BSides Nashville: There is an app for that!

Looks like the founders of BSides Nashville have kicked it up a notch (again!). Today in the Twitterverse I noticed they were pushing an app that enables con-goers to carry their program on their cellphone. Check out the tweet:
After downloading the Eventjoy app I was able to see maps of the con, the speaker list, speaker bios, sponsor information, and notifications (as well as other things). The coolest thing about the app was the ability to build "My Agenda" from the "Schedule" menu with a simple click.

The app rocks and BSides Nashville should be commended on having the foresight to use it.

Which begs the question, why aren't more cons using these kind of tools to enhance the con experience?

Monday, April 21, 2014

B-Sides Nashville: Another excellent con (I'm sure)

     Another installment of B-Sides with a touch of Southern charm. From what I understand it came in as reason #26 in a recent top 25 reasons to visit Nashville. From all the chatter, it appears to be a reunion of sorts for the many of the people that attended SkyDogCon last year.
 
     This is the first con I have ever submitted a CFP to where I didn't get selected. Am I bitter. Heck NO! Not when you see a lineup of presenters like Jack Daniel, Paul Coggin, Rafal Los, Jason Street, and others. This first year con is STACKED! Add to this lineup a Metasploit class (only $300) by Georgia Weidman and you have what promises to be a great couple of days.

     If you can make it on May 17th, feel free to stop by and say "Hi." I have decided to volunteer for the video crew. If you have never met me, I will be the handsome but portly fellow behind one of the cameras.

     Feel free to check out their website http://www.bsidesnash.org/ It is one of the best B-Sides websites I have ever seen. Perhaps a bit of foreshadowing?

P.S. This blog was meant to post in April but didn't due to operator error. I decided to leave it intact but add an update. I was asked to present! Woo hoo! Make sure you come to my presentation: Sun Tzu was a punk! Confucius was an InfoSec rockstar!

Friday, April 18, 2014

AIDE 2014: Emily steps up her game!


     Are you going to be in the Huntington, WV area next week? If so, stop by the Appalachian Institute of Digital Evidence annual conference. What you will get is a week long training and presentation conference that only costs $60. This will be my 3rd time to attend and I am proud to say, my 2nd time selected to speak. This time I will be sharing the stage with my daughter Emily. We will be giving a first hand account of building and deploying a RachelPi educational computer to Kenya. In addition to this, we will give an update of our return trip.

     Check out the AIDE website at www.appyide.org What you will find is an organization dedicated to forensics, e-discovery, and Information Security.

     I hope to see you all there!

Thursday, April 17, 2014

A short (musical) history of my life in IT


1980's: Listened to "Alternative" music on my boombox while playing on my TRS80 Color Computer 2

1990's: Listened to "Grunge" on my Walkman while installing computers and pulling cables

Late 1990's: Listened to "Rock" streaming on my computer while installing and managing Cisco routers

2000's: Listened to "progressive-house music" streaming on my computer while pentesting and doing reverse MALWARE analysis

2010's: Listen to blues, classical, and jazz while writing security policy

I think I may be going down hill...

Thursday, February 6, 2014

ShmooCon video of our talk is up!


Hey all. I wanted to take the time and thank everyone who came to hear me and my daughter (with a guest appearance by Johnny Long) speak about our project in Kenya. If you did not see our presentation, please feel free to watch it here. 20 minutes of your time is not too much to ask, right?

Watch video here.



Also, don't forget to donate to Hackers for Charity! They are doing GREAT work in Uganda.



Monday, January 20, 2014

ShmooCon: It Lived Up To The Hype, But Not For The Reasons I Thought

 


     I have known about ShmooCon for years now. I have always wanted to go but could not justify spending the money. I have even submitted a few CFPs and was actually glad they weren't accepted. Getting turned down made it easier to not spend the cash and go.
    Unlike other prospective presenters, some of whom I consider strong acquaintances, I never have felt entitle when it comes to CFPs. Also, I never get upset when I am not selected at a conference. Quite the contrary, I get upset when I hear others complain about getting turned down.
     This year was completely different. I REALLY wanted to go to ShmooCon and I REALLY wanted to present. Not for me though, for my daughter.
     My daughter, Emily, has always has a kind and giving heart. This genuine care for others was readily apparent at an early age. As she grew older, her love and need to assist others grew too. In 2013, my wife and I decided that it was time for Emily to travel with my mother-in-law on a mission trip to Kenya. Prior to the trip, Emily and I learned about the many uses of the RaspberryPi. After talking to Sam of Hackers For Charity, I learned about the RachelPi learning system from World Possible. Emily raised over $1,000 for her trip and decided to provide a RachelPi to the children of the Future Hope orphanage. We then built a RachelPi and she took it to Kenya with her. On this trip, Emily would assist in building a school at an orphanage, install the RachelPi, provide 2 computers to the kids, and help teach a vacation bible school at another school.
     When I wrote the CFP for this year's ShmooCon, I actually became very nervous. You see, I wrote the CFP with the hopes that my daughter would be selected to speak. Because she is 14 and cannot travel alone, I added my name to it. After what seemed like an eternity, I got that fateful email. We were accepted! My attention turned to prayers of thankfulness and safe travels. You see, Emily was scheduled to return to the US the Tuesday before we left for Shmoo. If she had travel issues like bad weather, this whole plan could be shot.

Emily testing the RachelPi
     To make an already long story shorter, all went well in Africa (there were a couple of hiccups like no power in the new orphanage site). The RachelPi was handed over to the staff of the orphanage, a care provider was trained on how to use it, and the computers still worked.
     As for ShmooCon, I have heard for years that the staff and attendees were very friendly and the atmosphere was laid back. What I learned is that this was true. I am glad I went this year and I am glad my daughter got to speak in front of a rather large audience.
Helping build a school

   
After our presentation, Johnny and Sam pulled us aside and offered to help us on our next trip. They provided us with a PelicanPi and support for a future trip to Kenya. This is something that really touched me and am embarrassed to say brought me to tears (I was able to keep it together when they were talking to us but lost it later). I have had many encounters the staff and volunteers of HFC and I know they do good work but I never thought they would help us do that work too.
Johnny Long, Emily, and me
     After getting home and discussing logistics with my wife, we have tentatively decided to take a trip to Uganda and Kenya in the Fall of this year (before the rainy season). At a minimum, Emily and I will go. We are praying that my wife will be able to go with us. Plans may change but, God willing, this is a GO!

Note: As usual, I will post a link to the presentation when the videos are uploaded.